openshift-admin-router man page

openshift admin router — Install a router

Synopsis

openshift admin router [Options]

Description

Install or configure a router

This command helps to set up a router to take edge traffic and balance it to your application. With no arguments, the command will check for an existing router service called 'router' and create one if it does not exist. If you want to test whether a router has already been created, add the --dry-run flag and the command will exit with 1 if the router does not exist.

If a router does not exist with the given name, this command will create a deployment configuration and service that will run the router. If you are running your router in production, you should pass --replicas=2 or higher to ensure you have failover protection.

Options

--ciphers=""

Specifies the cipher suites to use. You can choose a predefined cipher set ('modern', 'intermediate', or 'old') or specify exact cipher suites by passing a colon-separated list. Not supported for F5.

--create=false

deprecated; this is now the default behavior

--default-cert=""

Optional path to a certificate file that will be used as the default certificate. The file should contain the cert, key, and any CA certs necessary for the router to serve the certificate. Does not apply to external appliance based routers (e.g. F5).

--disable-namespace-ownership-check=false

Disables the namespace ownership check and allows different namespaces to claim either different paths to a route host or overlapping host names in case of a wildcard route. The default behavior (false) is to restrict claims to the oldest namespace that has claimed either the host or the subdomain. Please be aware that if namespace ownership checks are disabled, routes in a different namespace can use this mechanism to 'steal' sub-paths for existing domains. This is only safe if route creation privileges are restricted, or if all the users can be trusted.

--dry-run=false

If true, show the result of the operation without performing it.

--expose-metrics=false

If true, attempts to run an extra container in the pod to expose metrics - the image will either be set depending on the router implementation or provided with --metrics-image. Not useful where comprehensive metrics are available through the stats-port (e.g. haproxy router)

--external-host=""

If the underlying router implementation connects with an external host, this is the external host's hostname.

--external-host-http-vserver=""

If the underlying router implementation uses virtual servers, this is the name of the virtual server for HTTP connections.

--external-host-https-vserver=""

If the underlying router implementation uses virtual servers, this is the name of the virtual server for HTTPS connections.

--external-host-insecure=false

If the underlying router implementation connects with an external host over a secure connection, this causes the router to skip strict certificate verification with the external host.

--external-host-internal-ip=""

If the underlying router implementation requires the use of a specific network interface to connect to the pod network, this is the IP address of that internal interface.

--external-host-partition-path=""

If the underlying router implementation uses partitions for control boundaries, this is the path to use for that partition.

--external-host-password=""

If the underlying router implementation connects with an external host, this is the password for authenticating with the external host.

--external-host-private-key=""

If the underlying router implementation requires an SSH private key, this is the path to the private key file.

--external-host-username=""

If the underlying router implementation connects with an external host, this is the username for authenticating with the external host.

--external-host-vxlan-gw=""

If the underlying router implementation requires VxLAN access to the pod network, this is the gateway address that should be used in CIDR format.

--force-subdomain=""

A router path format to force on all routes used by this router (will ignore the route host value)

--host-network=true

If true (the default), then use host networking rather than using a separate container network stack. Not required for external appliance based routers (e.g. F5)

--host-ports=true

If true (the default), host ports will be exposed when not using host networking. Not required for external appliance based routers (e.g. F5).

--images="openshift/origin-${component}:${version}"

The image to base this router on - ${component} will be replaced with --type

--labels="router=<name>"

A set of labels to uniquely identify the router and its components.

--latest-images=false

If true, attempt to use the latest images for the router instead of the latest release.

--max-connections=""

Specifies the maximum number of concurrent connections. Not supported for F5.

--metrics-image=""

If --expose-metrics is specified this is the image to use to run a sidecar container in the pod exposing metrics. If not set and --expose-metrics is true the image will depend on router implementation. Not useful where comprehensive metrics are available through the stats-port (e.g. haproxy router)

-o, --output=""

Output results as yaml or json instead of executing, or use name for succinct output (resource/name).

--output-version=""

The preferred API versions of the output objects

--ports="80:80,443:443"

A comma delimited list of ports or port pairs that set the port in the router pod containerPort and hostPort. It also sets service port and targetPort to expose on the router pod. This does not modify the env variables. That can be done using oc env or by editing the router's dc. This is used when host-network=false.

--replicas=1

The replication factor of the router; commonly 2 when high availability is desired.

--router-canonical-hostname=""

CanonicalHostname is the external host name for the router that can be used as a CNAME for the host requested for this route. This value is optional and may not be set in all cases.

--secrets-as-env=false

If true, use environment variables for master secrets.

--selector=""

Selector used to filter nodes on deployment. Used to run routers on a specific set of nodes.

--service-account="router"

Name of the service account to use to run the router pod.

--stats-password=""

If the underlying router implementation can provide statistics, this is the requested password for auth. If not set, a password will be generated. Not available for external appliance based routers (e.g. F5).

--stats-port=1936

If the underlying router implementation can provide statistics this is a hint to expose it on this port. Specify 0 if you want to turn off exposing the statistics.

--stats-user="admin"

If the underlying router implementation can provide statistics this is the requested username for auth. Not available for external appliance based routers (e.g. F5)

--strict-sni=false

Use strict-sni bind processing (do not use default cert). Not supported for F5.

--subdomain=""

The template for the route subdomain exposed by this router, used for routes that are not externally specified. E.g. '${name}-${namespace}.apps.mycompany.com'

--type="haproxy-router"

The type of router to use - if you specify --images this flag may be ignored.

Options Inherited from Parent Commands

--api-version=""

DEPRECATED: The API version to use when talking to the server

--as=""

Username to impersonate for the operation

--azure-container-registry-config=""

Path to the file containing Azure container registry configuration information.

--certificate-authority=""

Path to a cert. file for the certificate authority

--client-certificate=""

Path to a client certificate file for TLS

--client-key=""

Path to a client key file for TLS

--cluster=""

The name of the kubeconfig cluster to use

--config=""

Path to the config file to use for CLI requests.

--context=""

The name of the kubeconfig context to use

--google-json-key=""

The Google Cloud Platform Service Account JSON Key to use for authentication.

--insecure-skip-tls-verify=false

If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure.

--log-flush-frequency=0

Maximum number of seconds between log flushes

--match-server-version=false

Require server version to match client version

-n, --namespace=""

If present, the namespace scope for this CLI request

--request-timeout="0"

The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time out requests.

--server=""

The address and port of the Kubernetes API server

--token=""

Bearer token for authentication to the API server

--user=""

The name of the kubeconfig user to use

Example

  # Check the default router ("router")
  openshift admin router --dry-run
  
  # See what the router would look like if created
  openshift admin router -o yaml
  
  # Create a router with two replicas if it does not exist
  openshift admin router router-west --replicas=2
  
  # Use a different router image
  openshift admin router region-west --images=myrepo/somerouter:mytag
  
  # Run the router with a hint to the underlying implementation to _not_ expose statistics.
  openshift admin router router-west --stats-port=0
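
The --disable-namespace-ownership-check option above warns that, once the check is off, routes in another namespace can claim sub-paths of an existing host. The following audit is an added example, not part of the original man page or of OpenShift's code: it flags every route whose host is already held by an older route in a different namespace. It assumes input shaped like a route list in JSON (metadata.namespace, metadata.name, metadata.creationTimestamp, spec.host, spec.path); the function name and sample data are constructed for illustration, and only exact host matches are checked, not wildcard overlaps.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a JSON list of route objects (not real cluster data).
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "shop", "name": "web", "creationTimestamp": "2016-05-01T10:00:00Z"},
  "spec": {"host": "www.example.com"}},
 {"metadata": {"namespace": "shop", "name": "api", "creationTimestamp": "2016-05-02T10:00:00Z"},
  "spec": {"host": "www.example.com", "path": "/api"}},
 {"metadata": {"namespace": "sandbox", "name": "login", "creationTimestamp": "2016-06-10T08:30:00Z"},
  "spec": {"host": "www.example.com", "path": "/login"}},
 {"metadata": {"namespace": "blog", "name": "blog", "creationTimestamp": "2016-06-11T09:00:00Z"},
  "spec": {"host": "blog.example.com"}}
]}
""")


def cross_namespace_claims(route_list):
    """Return one finding per route that claims a host owned by another namespace.

    The owner is the namespace holding the oldest route for the host, i.e. the
    namespace the default ownership check would restrict claims to.
    """
    by_host = defaultdict(list)
    for item in route_list.get("items", []):
        meta, spec = item["metadata"], item["spec"]
        host = spec.get("host", "").lower()
        if not host:
            continue  # routes without a host cannot collide on one
        by_host[host].append((meta["creationTimestamp"], meta["namespace"],
                              meta["name"], spec.get("path", "/")))

    findings = []
    for host, claims in sorted(by_host.items()):
        claims.sort()  # RFC 3339 UTC timestamps sort chronologically as strings
        owner = claims[0][1]
        for created, namespace, name, path in claims:
            if namespace != owner:
                findings.append({"host": host, "owner": owner, "namespace": namespace,
                                 "route": name, "path": path, "created": created})
    return findings


if __name__ == "__main__":
    for f in cross_namespace_claims(SAMPLE):
        print("{host}{path}: route {namespace}/{route} (created {created}) "
              "claims a host owned by namespace {owner}".format(**f))
```

Any finding on a router running with the ownership check disabled is a route that the default behavior would have rejected, so each one should map to a namespace that is trusted to share that host.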

See Also

openshift-admin(1)

History

June 2016, Ported from the Kubernetes man-doc generator

Referenced By

openshift-admin(1).

Openshift CLI User Manuals June 2016